DO NOT MERGE: Fix iptables persistence after reboot #373

Open
wants to merge 2 commits into
base: master
18 changes: 12 additions & 6 deletions roles/etcd/tasks/main.yml
@@ -1,3 +1,4 @@
[metacloud@mcp1 ansible]$ cat roles/etcd/tasks/main.yml
Contributor

What's this?

---
# This role contains tasks for configuring and starting etcd service
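
Review bot: the first line added to `roles/etcd/tasks/main.yml`, `[metacloud@mcp1 ansible]$ cat roles/etcd/tasks/main.yml`, is a pasted shell prompt sitting above the `---` document marker; it is not part of the task list and will not parse as the YAML the role expects, so drop it from the commit. It also puts a local user and host name into the repository history.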

@@ -26,14 +27,20 @@
yum: pkg={{ item }} state=present
with_items:
- iptables-services
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
Contributor

@tiewei tiewei Oct 11, 2017

should be able to use ansible_os_family instead


- name: Install iptables-persistent
- name: Install iptables-persistent
apt: name={{item}} state=installed
with_items:
- iptables-persistent
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'

- name: Enable iptables service
command: systemctl enable iptables
Contributor

@tiewei tiewei Oct 11, 2017

use service module instead


- name: Start iptables service
command: systemctl start iptables
Contributor

ditto


- name: setup iptables for etcd
shell: >
( iptables -L INPUT | grep "{{ etcd_rule_comment }} ({{ item }})" ) || \
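
Review bot: the `Enable iptables service` and `Start iptables service` tasks carry no `when:` guard, unlike the `iptables-services` install above them, so they also run on Debian and Ubuntu hosts, where this file installs only `iptables-persistent`. Give both the same Red Hat condition as the install (or `ansible_os_family == 'RedHat'`), and consider folding them into a single `service: name=iptables enabled=yes state=started` task so the step reports changed only when it actually changes something.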
@@ -45,10 +52,10 @@
- "{{ etcd_peer_port1 }}"
- "{{ etcd_peer_port2 }}"

# Save rules into /etc/sysconfig/iptables file for restoring rules on boot
# Save rules into /etc/sysconfig/iptables file for restoring rules on boot
- name: Save iptables
command: service iptables save
Contributor

I think we should use systemctl instead..., but this may still work on older versions of RHEL

when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'

- name: copy the etcd start/stop script
template: src=etcd.j2 dest=/usr/bin/etcd.sh mode=u=rwx,g=rx,o=rx
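
Review bot: `Save iptables` stays limited to CentOS and RedHat, and this hunk shows no matching save step for the Debian and Ubuntu hosts that get `iptables-persistent` earlier in the file, so the rules added by `setup iptables for etcd` would still be lost on reboot there. Add a Debian-family task that writes the rules out (for example `netfilter-persistent save` on current releases), or state in the role that those distributions are out of scope for this fix.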
@@ -57,5 +64,4 @@
copy: src=etcd.service dest=/etc/systemd/system/etcd.service

- name: start etcd
systemd: name=etcd daemon_reload=yes state=started enabled=yes

systemd: name=etcd daemon_reload=yes state=started enabled=yes